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WHAT IS CLAIMED IS: 



1 1 . A method for protecting publicly accessible network computer 

2 services from undesirable network traffic in real-time, the method comprising: 

3 receiving network traffic destined for the services; 

4 analyzing the network traffic to identify an undesirable user of the 

5 services; and 

6 limiting access of the undesirable user to the services to protect the 

7 services. 

1 2. The method as claimed in claun 1 wherein the undesirable 

2 network traffic includes denial of service attacks. 

1 3 . The method as clauned in claun 1 wherein the network is the 

2 Internet. 

1 4. The method as claimed in claimi 1 further comprising 

2 generating one or more user profiles from the network traffic wherein the step of 

3 analyzing includes the step of comparing the one or more user profiles with a 

4 predetermined profile to determine the undesirable user. 

1 5. The method as claimed in claim 4 wherein the step of 

2 generating the one or more user profiles includes the step of generating request 

3 statistics for the user from the network traffic. 

1 6. The method as claimed in claim 5 wherein the request 

2 statistics include connection statistics and service request distributions. 

1 7. The method as clauned in claim 6 wherein the network is the 

2 Internet and wherein the step of generating request statistics includes the steps of 

3 collecting and correlating Border Gateway Protocol (BGP) data from the Internet to 

4 obtain the service request distributions. 
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1 8. The method as claimed in claim 7 wherein the step of 

2 correlating includes the step of identifying a topologically clustered set of machines 

3 in the Internet based on the data and wherein the service request distributions are 

4 generated from the set of machmes. 

1 9. A system for protecting publicly accessible network computer 

2 services from undesirable network traffic in real-time, the system comprising: 

3 an interface for receiving network traffic destined for the services; 

4 a analysis engine for analyzing the network traffic to identify an 

5 undesirable user of the services; and 

6 a forwarding engine in communication with the analysis engine for 

7 limiting access of the undesirable user to the services to protect the services. 

1 10. The system as claimed in claim 9 wherein the undesirable 

2 network traffic includes denial of service attacks. 

1 11. The system as claimed in claim 9 wherein the network is the 

2 Internet. 

1 12. The system as claimed in claun 9 wherein the forwarding 

2 engine generates one or more user profiles from the network traffic, and wherein the 

3 analysis engine compares the one or more user profiles with a predetermined profile 

4 to determine the undesirable user. 

1 13. The system as claimed in claim 12 wherein the forwarding 

2 engine generates the user profile by generating request statistics for the user from 

3 the network traffic. 
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14. The system as claimed in claim 13 wherein the request 
statistics include connection statistics and service request distributions. 
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1 15 . The system as claimed in claim 14 wherein the network is the 

2 Internet and wherem the forwarding engine collects and correlates Border Gateway 

3 Protocol (BGP) data from the Internet to obtain the service request distributions. 

1 16. The system as claimed m claim 15 wherein the forwarding 

2 engine identifies a topologically clustered set of machines in the Internet based on 

3 the data and wherein the service request distributions are generated from the set of 

4 machines. 
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